Does Workload Identity Give Job Access to All Other Services Regardless of ACL?

I read in the docs (Workload Identity | Nomad | HashiCorp Developer) that the implicit workload identity policy gives all jobs access to list or read any nomad service registration. Is this true? Is there any way to limit the services which are visible to a job? This seems like a security hole.